Cybersecurity: Bit9 Gets $34.5M From Sequoia, Others For Its Whitelist Approach To Fighting Attacks

Hacking, viruses, megabreaches and other cybercriminal activity are on the increase, and cybersecurity specialists Bit9 has today announced a significant round of funding to help fight it.

Bit9, which works with 30 of the Fortune 100 companies, Raised its biggest round yet, a $34.5 million Series D led by new investor Sequoia Capital, with participation from existing investors Atlas Venture, Highland Capital Partners, Kleiner Perkins Caufield & Byers, and .406 Ventures.

The growth of cybercrime has massively increased the need for companies to protect their data, and that is giving rise to a number of new approaches for how to do that most effectively. Bit9’s approach plays on a new trend among cybersecurity companies: traditional protection is based around the concept of a blacklist of forbidden sites, but Patrick Morley, the CEO of Bit9, explains that his company turns this on its head to focus not on what shouldn’t be allowed in, but only on what should — the so-called “whitelist” approach to the problem.

The idea, he says, is to trust only sites that are known, rather than trying to account for the ones that are not. The reason for this, he says, is because viruses, worms and the people who create them are regularly changing what they are doing, so to try to account for all that is bad and new is virtually impossible. “The challenge with security is that it is hard because to create new threats is so easy that they pass right through” an existing blacklist security wall, he tells me.

Think of the old approach as a flu shot: these tend to only account for the most common strains of influenza, and so that means you can still catch a flu if it’s a new variation that hasn’t been included in the seasonal shot.

Up to now, this approach to cybersecurity has given Bit9 some significant accolades.

Morley notes that Bit9 — which says it works with some 700 organizations in total (although it doesn’t name any of them) and says it’s growing at 100 percent annually in terms of business — was the only company in the world to date that has been able to stop the Flame virus (or at least publicly state that it has…), and it was the only one that stopped the RSA breach.

On Flame, Morley notes that the block was almost inadvertent. It simply was not on its whitelist for a particular customer: “We stopped it not because it was Flame, but because it was not trustworthy,” he says.

Morley says that the changes in cybersecurity have really started to take place in the last 24 months — not just in terms of attacks being ramped up, but also because enterprises have become much more aware of the issue of breaches. He says that these days the conversation is happening at board level, with companies increasingly aware of “how risky things are.”

As we heard earlier this year in Verizon’s big cyber security report, the biggest threats today, he confirms, come from organized crime, nation states looking for IP from other countries and hacktivists like Anonymous. The nation state, which includes acts attacking not just governments but international attacks on businesses based a particular country, may perhaps be the biggest threat of all.

Going forward, Morley says that Bit9 plans to extend its whitelist approach to cover more platforms than it does today, with some of those developments to come in the next two quarters. He says the company already sees success covering security on laptops and desktops, as well as data centers and infrastructure, “but if you think about it the move to mobile, bring your own device and cloud” are also becoming increasingly significant areas, he says. These are also areas that Bit9 will seek to further incorporate into its support.

The cost for cybercrime attacks — according to the Ponemon Institute, which interviewed 50 companies — is now at $5.9 million, with the highest now $36.4 million.

To date, Bit9 has now raised $72.8 million in funding.